Computer networks offer users ease and efficiency in exchanging information. Computer networks are typically comprised of integrated servers, routers, terminals and other components, interoperating and sharing information. Such networks manage a growing list of a variety of needs including transportation, commerce, energy management, communications, and defense.
Unfortunately, the very interoperability and sophisticated integration of technology that make computer networks such valuable assets also make them vulnerable to attack, and make dependence on networks a potential liability. Numerous examples of planned network attacks, such as viruses, worms, and spyware have shown how interconnectivity can be used to spread harmful program code. In addition, public or open network architectures, such as the Internet, permit hackers to have access to information on many different computers. These malicious attackers attempt to gain access to messages generated by a user's computer and to the resources of the user's computer, as well as to use knowledge regarding the operations of the protocol stack and operating systems of users' computers in an effort to gain access to their computers without authorization. Such illicit activity presents a significant security risk to any computer coupled to a network where a user for one computer may attempt to gain unauthorized access to resources on another computer of the network. Furthermore, organized groups have performed malicious and coordinated attacks against various large online targets.
In addition to security policy concerns, assessing local systems and networks to ensure they comply with additional policies is also desirable. For example, many corporate entities maintain strict internal policies, not just with regard to security from viruses, malware, or other malicious attacks intended to harm systems, but also from information-based attacks. For example, theft of corporate information by persons inside the company is an increasing concern in today's competitive marketplace. In addition, external persons may attempt to access internal information overtly or covertly, and policies may be implemented to prevent such breaches. Still further, companies may also choose to implement policies to prevent employees from merely accessing their personal email accounts, or simply surfing the Internet. Wasted employee time on such activities while on the company clocks continues to be an expensive problem for companies, and ensuring policies intended to prevent such abuses are in place is beneficial for such companies.
When assessing the security posture of an endpoint device such as a computer terminal or workstation, or even a local networked device such as a computer server, scanning software is typically used to determine if compliance with specific policies is being met by these target assets. Exemplary conventional techniques for scanning remote computer devices include deploying scanning software using a server in a client-server architecture. In this type of deployment, the scanning software conducts a network-based assessment of the target system, without any software installed on the endpoint computer device. Such a technique may be known as remote scanning. Another conventional approach is when the scanning software is deployed on the local target system. In this type of deployment, the entire scanning software is a “thick client” installed on the local device that contains the scanning engine. Such a technique may be known as local scanning.
Regardless of the remote assessment technique employed, when conventional approaches are used to assess target systems to determine compliance with specific policies, later changes or updates to target systems made in order to comply with such policies require another scan in order to determine the updated status of the target. Obviously, performing a follow-up scan, or even additional scans if further policy updating has occurred, adds additional time to the overall policy compliance assessment. In addition, increasing the number of scans performed occupies valuable system resources at both ends of the scan, resources that could be better focused on other tasks. Accordingly, what is needed is a technique for assessing the policy compliance posture of target systems that conserves both scanning and target system resources, but that does not suffer from the deficiencies found in conventional approaches and techniques.